
eduGAIN at 10 – the star at the heart of a constellation

From a lone star to a whole constellation: in 10 years, eduGAIN has evolved from a single-problem solution to a central point in an array of services. In providing an underlying foundation, eduGAIN has become deeply embedded in today’s Trust and Identity (T&I) landscape. But participation in the interfederation service has also spread widely, with 70+ federations, 4,000+ organisations and 3,000+ services around the world now on board. So, as it marks its 10-year anniversary, we reflect on the past and future of eduGAIN.


“eduGAIN in the first place is policy and metadata validation, aggregation and exchange; the rest is monitoring, statistics, support and PR,” says Tomasz Wolniewicz of PSNC, who won a GÉANT Community Award in 2017 jointly with Maja Górecka-Wolniewicz – who was instrumental in technical developments – in part for their commitment to eduGAIN over many years. They were in the service team with Mikael Berglund (SUNET) and Wojbor Bogacki, led by Valter Nordh (SUNET), when eduGAIN became a full production service on 27 April 2011. This followed a successful pilot phase led by the late Jürgen Rauschenbach (DFN). Leadership later switched to Josh Howlett (then at Jisc), then Brook Schofield (GÉANT) with Ann Harding (SWITCH), who together supervised the addition of a large number of new participants and extensive technical support. Other significant contributors to the early days were Diego Lopez and Lukas Hämmerle, then at RedIRIS and SWITCH.

The number of federations participating in eduGAIN soon grew from the 13 in the pilot phase. The first members, SIR (Spain) and DFN (Germany), formally declared their participation in June 2011, signing the policy framework declaration that had been devised by Mikael Linden (CSC), Shannon Milsom and Andrew Cormack (Jisc). In 2012, the service went global, adding the Canadian and Brazilian federations. By March 2016, 38 were participating, supported from January 2015 with web-based technical information and tools.

Torsten Kersting (left) of DFN and Ajay Daryanani (right), then of RedIRIS, handing over the eduGAIN declaration to Tomasz Wolniewicz in June 2011. (© GÉANT)

The early federation operators turned their member organisations “upside down” to implement the eduGAIN technology, which was “pretty complex” at the beginning, according to Nicole Harris (GÉANT), who was responsible for establishing the UK Access Management Federation, one of the early contributors to eduGAIN, and who has worked with research and education identity federations through REFEDS for many years. Federations’ commitment has been key to eduGAIN’s success. This point was echoed in a 2017 blog by Ann Harding, highlighting why strategic investment in identity management provides value in the scope and reach of services for research and education. As research communities began to understand the potential use and impact of federated identity, they “identified requirements and needs for which eduGAIN was not originally considered”.

To address this challenge, GÉANT and the federations began working with research communities in the GÉANT Project (GN3plus) and the AARC (Authentication and Authorisation for Research Collaborations) project. This led to SIRTFI (Security Incident Response Trust Framework for Federated Identity) and the AARC Blueprint Architecture, in which eduGAIN is a vital component, and which allows technical decision makers in research collaborations to build custom AAI solutions for their communities.

Using the AARC architecture, the eduTEAMS service provides a ‘turnkey solution for creating and managing community AAIs’, enabling the creation and management of virtual teams and secure access and sharing of resources and services, using federated identities from eduGAIN and trusted identity providers. As eduTEAMS is now delivering AAI services for ESFRI cluster research infrastructures in the EOSC context; HPC infrastructures in the context of EuroHPC and the wider HPC community; and digitisation of student mobility in the European Student Card Initiative context, it’s fair to say that eduGAIN’s impact is becoming wide-sweeping. When you consider that by integrating eduGAIN in solutions for student e-identity and working with the Erasmus+ programme, the MyAcademicID project and its recent successor EDSSI will be supporting international mobility for around half a million students each (non-COVID) year, the impacts become even more impressive.

The newest arrival in the eduGAIN constellation is InAcademia, which launched as a production service around a year ago and is allowing students and staff from participating institutions to access or buy online services and products, while protecting their privacy. With the advent of the European Union’s General Data Protection Regulation in May 2018, the need for privacy-protecting technology such as eduGAIN became more pressing.

In October 2020, eduGAIN welcomed one of its newest participants, the China Science and Technology Cloud (CSTCloud), which supports over 100,000 researchers in a variety of fields. So, it’s easy to see how the service is rapidly growing – and that well-coordinated technical support is essential to keep it working smoothly into the next 10 years.

“Today’s eduGAIN is a success story thanks to the community stars who worked so hard in the past and to the federation operators that supported the project in each participating federation. Without their continuous support, eduGAIN wouldn’t have been possible. We’re now developing technical support tools and training materials to ensure that eduGAIN continues to safely grow, along with the constellation of services that depend on it.” Davide Vaghetti (GARR), current eduGAIN leader in the GÉANT (GN4-3) Project.


This article is featured in CONNECT36.